Lucene search
F5F5:K15150HistoryApr 07, 2014 - 12:00 a.m.
K15150 : cURL and libcurl vulnerability CVE-2013-4545
2014-04-0700:00:00
my.f5.com
17
Security Advisory Description
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2013-4545)
Impact
None. No F5 products are affected by this vulnerability.
Note: F5 products may use a version of cURL and libcurl that is affected by this vulnerability. However, those F5 products do not disable SSL_VERIFYPEER which is required for the vulnerability.
Related
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : curl vulnerability (USN-2048-1)
2013-12-06 00:00:00
Fedora 20 : mingw-curl-7.33.0-1.fc20 (2013-22046)
2013-12-14 00:00:00
SUSE SLED11 / SLES11 Security Update : curl (SUSE-SU-2014:0004-1)
2015-05-20 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2798-1)
2013-11-16 00:00:00
Fedora Update for mingw-curl FEDORA-2013-21887
2013-12-03 00:00:00
nvd
nvd
CVE-2013-4545
2013-11-23 11:55:04
fedora
fedora
[SECURITY] Fedora 19 Update: mingw-curl-7.33.0-1.fc19
2013-12-02 09:35:24
[SECURITY] Fedora 20 Update: mingw-curl-7.33.0-1.fc20
2013-12-14 03:07:35
[SECURITY] Fedora 19 Update: mingw-curl-7.37.0-1.fc19
2014-06-10 03:11:23
cvelist
cvelist
CVE-2013-4545
2013-11-23 11:00:00
cve
cve
CVE-2013-4545
2013-11-23 11:55:04
mageia
mageia
Updated curl packages fix CVE-2013-4545
2013-11-21 00:56:39
ubuntu
ubuntu
curl vulnerability
2013-12-05 00:00:00
debian
debian
[SECURITY] [DSA 2798-1] curl security update
2013-11-17 18:32:28
[SECURITY] [DSA 2798-2] curl security update
2013-11-20 22:16:54
[SECURITY] [DSA 2798-2] curl security update
2013-11-20 22:16:54
securityvulns
securityvulns
[ MDVSA-2013:276 ] curl
2013-11-26 00:00:00
cURL certificates spoofing
2013-12-23 00:00:00
f5
f5
SOL15150 - cURL and libcurl vulnerability CVE-2013-4545
2014-04-07 00:00:00
prion
prion
Design/Logic Flaw
2013-11-23 11:55:00
ubuntucve
ubuntucve
CVE-2013-4545
2013-11-23 00:00:00
CVE-2013-6422
2013-12-17 00:00:00
debiancve
debiancve
CVE-2013-4545
2013-11-23 11:55:04
ibm
ibm
Security Bulletin: Vulnerabilities in curl affect IBM Flex System Manager (FSM): (CVE-2013-2174 CVE-2013-4545 CVE-2014-0015 CVE-2014-0138 CVE-2014-013)
2019-01-31 01:30:01
kaspersky
kaspersky
KLA10458 Multiple vulnerabilities in HP SMH
2014-01-10 00:00:00
hackerone
hackerone
curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS
2024-03-14 11:49:49
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00